Threat Actors Flashcards
Section 3
An individual or entity responsible for incidents that impact security and data protection.
Threat Actor
Specific characteristics or properties that define and differentiate various threat actors from one another
Threat Actor Attributes
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Unskilled Attackers
Cyber attackers driven by political, social, or environmental ideologies who often want to draw attention to a specific cause
Hacktivists
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
Organized Crime
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.
Nation-state Actors
Security threats that originate from within the organization
Insider Threats
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval
Shadow IT
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
Honeypots
Creates an entire network of decoy systems to observe complex, multi-stage attacks
Honeynets
Decoy files placed within systems to detect unauthorized access or data breaches
Honeyfiles
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.
Honeytokens
What threat actor motivation is the unauthorized transfer of data from a computer?
Data Exfiltration
What threat actor motivation is one of the most common motivations for cybercriminals?
Financial Gain
What threat actor motivation is where the attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met?
Blackmail
Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users
Service Disruption
Individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical
Philosophical or Political Beliefs
Attacks that are conducted due to the philosophical or political beliefs of the attackers, or for socially motivated purposes, are known as
Hacktivism
Ethical hackers, also known as Authorized hackers, are motivated by a desire to improve security
Ethical Reasons
An employee who is disgruntled, or one who has recently been fired or laid off, might want to harm their current or former employer by causing a data breach, disrupting services, or leaking sensitive information
Revenge
These actors, often referred to as unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm
Disruption or chaos
Involves spying on individuals, organizations, or nations to gather sensitive or classified information
Espionage
Cyberattacks have increasingly become a tool for nations to attack each other both on and off the battlefield
War
Individuals or entities within an organization who pose a threat to its security.
Internal Threat Actors
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses
External Threat Actors
Refers to the tools, skills, and personnel at the disposal of a given threat actor
Resources and Funding
Refers to their technical skills, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.
Level of Sophistication and Capability
The classification name for a low-skill attacker: an individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks, often without understanding the underlying principles
Script Kiddie
An individual who lacks the technical knowledge to develop their own hacking tools or exploits
Unskilled Attackers (Script Kiddie)
Highly skilled group primarily motivated by their ideological beliefs rather than trying to achieve financial gains
Hacktivists
Sophisticated and well-structured entities that leverage resources and high technical skills for illicit gain
Organized Cyber Crime Groups
Sophisticated cybercrime syndicate that has been linked to numerous high-profile data breaches
FIN7
Sophisticated cybercrime syndicate that has stolen over $1 billion from various banks around the world
Carbanak
Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
Nation-State Actors
Attack that is orchestrated in such a way that it appears to originate from a different source or group.
False Flag Attack
Term that used to be used synonymously with a nation-state actor because of their long-term persistence and stealth
Advanced Persistent Threat
A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for a long period of time.
Advanced Persistent Threat